#!/bin/sh

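# Create the farms account and the directories the node needs, then set
# ownership and modes. The group gets gid 501 and the user uid 500; the ids
# are fixed, presumably so numeric ownership lines up across the NFS-mounted
# directories (confirm against the file servers).
/usr/sbin/groupadd -g 501 farms
/usr/sbin/useradd -g 501 -u 500 farms

/bin/mkdir -p /fnal/ups
/bin/mkdir -p /pnfs/cms
/bin/mkdir -p /home/farms
# With -p, -m applies only to the last component; any parent that has to be
# created gets the umask default. 2711 = setgid + rwx--x--x.
/bin/mkdir -p -m 2711 /var/adm/krb5/farms
/bin/mkdir -p /home/farms/fbsng_root
# -p so an existing /data is not reported as an error.
/bin/mkdir -p /data

# Use the POSIX "owner:group" separator; the "owner.group" form is deprecated
# and ambiguous for names that contain a dot.
# 9811 and 5063 are numeric ids that this script does not create
# (presumably supplied by NIS -- confirm).
/bin/chown 9811:5063 /data
/bin/chown 500:501 /var/adm/krb5/farms
/bin/chown 500:501 /home/farms/fbsng_root

# /tmp keeps the sticky bit (set once; the original repeated this command).
/bin/chmod 1777 /tmp
# NOTE(review): /data is world-writable WITHOUT the sticky bit, so any local
# user can rename or delete another user's files there. 1777 would close that
# gap; confirm whether jobs rely on the current mode before changing it.
# This script also adds an NFS mount on /data to /etc/fstab, so once that is
# mounted the server's ownership and mode apply, not the ones set here.
/bin/chmod 777 /data

/bin/chmod 755 /etc/rc.d/rc.local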

# Services switched on for runlevels 3, 4 and 5.
# NOTE(review): telnet and ftp are enabled next to the Kerberized eklogin,
# klogin and kshell. If these are the stock (non-Kerberized) daemons they
# carry passwords in cleartext -- confirm which implementation is installed.
# portmap, rstatd and ypbind are RPC services; their exposure is limited only
# by the TCP-wrapper rules this script writes to /etc/hosts.allow and
# /etc/hosts.deny.
for svc in facct portmap rstatd ypbind telnet ftp eklogin klogin kshell; do
  /sbin/chkconfig --level 345 "$svc" on
done

# Turn off unnecessary services (runlevels 2-5).
# NOTE(review): ipchains and iptables are both disabled, so the node has no
# host packet filter; access control rests on TCP wrappers, which only cover
# daemons that consult them.
# NOTE(review): ntpd is disabled and the ntpdate call at the end of this
# script is commented out. Kerberos is sensitive to clock skew -- confirm the
# clock is kept in sync some other way.
for svc in lpd sendmail kudzu identd gpm ipchains iptables rhnsd apmd ntpd rawdevices; do
  /sbin/chkconfig --level 2345 "$svc" off
done

# Register nfslock with chkconfig and enable it for runlevels 2-5.
/sbin/chkconfig --add nfslock
/sbin/chkconfig --level 2345 nfslock on

# Pin the YP (NIS) host in /etc/hosts, keeping a copy of the file as it was.
# The entry is: address, ten spaces, FQDN, a space and a tab, short name.
# NOTE(review): a second run overwrites hosts.orig with the already-edited
# file and appends the entry again; the same holds for resolv.conf below.
/bin/cp /etc/hosts /etc/hosts.orig
printf '131.225.206.41          cmsun1.fnal.gov \tcmsun1\n' >> /etc/hosts

# Append the additional name server, again after saving the original.
/bin/cp /etc/resolv.conf /etc/resolv.conf.orig
cat >> /etc/resolv.conf << 'EOF'
nameserver 131.225.17.150
EOF

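# hosts.allow and hosts.deny (TCP-wrapper access control).
#
# Both files are written from quoted here-documents. The original used a
# single-quoted echo argument, so the inner quotes around /usr/sbin/tcpd ended
# and reopened the string and were dropped from the header comment written to
# disk; a quoted here-document keeps the text exactly as typed.
#
# How the rules below combine (hosts_access(5): hosts.allow is read first and
# the first matching rule decides):
#   - portmap and rpc.mountd: 131.225.x.x, LOCAL hosts and loopback only.
#   - every daemon: .fnal.gov, 131.225.x.x, LOCAL and loopback.
#   - sshd and ftpd: ANY client address.
#   - everything else is refused by hosts.deny, except loopback.
# NOTE(review): "ftpd: ALL" opens FTP to every address; confirm that is
# intended. The daemon name must match the process name the wrapper sees, so
# check that the installed FTP server really runs as "ftpd".
# NOTE(review): the ".fnal.gov" pattern is matched against the client's host
# name, so it depends on name resolution of the client address.
# NOTE(review): both files refer to /etc/banners, which this script does not
# create -- presumably installed elsewhere.

/bin/cp /etc/hosts.allow /etc/hosts.allow.orig
/bin/cp /etc/hosts.deny /etc/hosts.deny.orig
cat > /etc/hosts.allow << 'EOF'
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# 

portmap: 131.225.0.0/255.255.0.0 LOCAL 127.0.0.1
rpc.mountd: 131.225. LOCAL 127.0.0.1
ALL: .fnal.gov 131.225. LOCAL 127.0.0.1 : banners /etc/banners
sshd: ALL
ftpd: ALL
EOF

cat > /etc/hosts.deny << 'EOF'
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!


ALL: ALL except 127.0.0.1 : banners /etc/banners
EOF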

# fix grub

#/bin/sed -e '/timeout/a\
#serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1 \
#terminal --timeout=5 serial console' -e "s/hda1/hda1 console=tty0 console=ttyS0,115200/g" /boot/grub/grub.conf > /tmp/grub.conf

#/bin/cp /tmp/grub.conf  /boot/grub/grub.conf


# yp.conf
# Install the site's NIS client configuration from the local config directory.

/bin/cp /etc/CMSfarm/configfiles/yp.conf /etc/yp.conf

# Install root's .k5login, the list of Kerberos principals allowed to log in
# as root on this node.
# NOTE(review): the copy takes its mode from the source file and the umask;
# confirm the result is owned by root and not writable by anyone else, and
# that the principal list in the source file is reviewed.
/bin/cp /etc/CMSfarm/configfiles/k5login /root/.k5login

# fix the nsswitch file to get your hostnames via DNS
# The sed expression matches a "hosts:" line of the exact form
# "files nisplus nis dns" and rewrites it to "dns files": group 1 is the
# "hosts:" prefix, 2 is "files", 3 is "nisplus nis" (dropped), 4 is "dns".
# A hosts line in any other order is left unchanged.
# NOTE(review): with dns ahead of files, /etc/hosts entries (including the
# cmsun1 line appended earlier in this script) are presumably consulted only
# when DNS has no answer -- confirm that is the intended precedence.

/bin/cp /etc/nsswitch.conf /etc/nsswitch.conf.orig

/bin/sed "s/\(^hosts: *\)\(files *\)\(nisplus nis *\)\(dns\)/\1\4 \2/g" /etc/nsswitch.conf.orig > /etc/nsswitch.conf

# Rebuild /etc/sysctl.conf from a saved copy of the original: flip
# kernel.sysrq from 0 to 1, then append the panic timeout, the TCP buffer
# limits and the file-handle limit. Everything is written through one
# redirection, so the result is the edited original followed by the
# here-document.
# NOTE(review): kernel.sysrq = 1 enables the magic SysRq key. This script
# also puts a getty on ttyS0, so anyone with console or serial access can
# trigger SysRq actions -- confirm that access to the serial line is
# controlled.
/bin/cp /etc/sysctl.conf /etc/sysctl.conf.orig

{
  /bin/sed "s/kernel.sysrq = 0/kernel.sysrq = 1/g" /etc/sysctl.conf.orig
  cat << 'EOF'
kernel.panic = 60
net.ipv4.tcp_rmem = 4096        87380   8388607
net.ipv4.tcp_wmem = 4096 65536 8388607
net.core.rmem_max = 8388607
net.core.wmem_max = 8388607
fs.file-max = 131072
EOF
} > /etc/sysctl.conf

# Install root's .bashrc and the gmond configuration from the site config
# directory.
# NOTE(review): root's start-up file is taken verbatim from
# /etc/CMSfarm/configfiles; that directory should be writable by root only.
/bin/cp /etc/CMSfarm/configfiles/root.bashrc /root/.bashrc
/bin/cp /etc/CMSfarm/configfiles/gmond.conf /etc/gmond.conf

# Register the two shells under /usr/local as valid login shells.
# NOTE(review): this script mounts /usr/local read-write over NFS, so these
# login shells are served by the NFS server; their integrity depends on that
# export.
cat >> /etc/shells << 'EOF'
/usr/local/bin/bash
/usr/local/bin/tcsh
EOF

# Append the sa1/sa2 jobs to root's crontab file. The lines are written
# straight into the spool file rather than through crontab(1). The second
# entry ends in "& " (with a trailing space), as in the original here-document.
/bin/echo '0 8-18 * * 1-5 /usr/lib/sa/sa1 1200 3 &' >> /var/spool/cron/root
/bin/echo '5 19 * * 1-5 /usr/lib/sa/sa2 -A & ' >> /var/spool/cron/root

#/bin/cp /etc/CMSfarm/configfiles/fbsng /etc/init.d
#/bin/cp /etc/CMSfarm/configfiles/ngop /etc/init.d

#Do we want these
#/sbin/chkconfig --add fbsng
#/sbin/chkconfig --add ngop
#/sbin/chkconfig --level 345 fbsng on
#/sbin/chkconfig --level 345 ngop on
#/sbin/chkconfig --level 345 lm_sensors on
#/sbin/chkconfig --level 345 dfarm on


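# Install the site-wide SSH known-hosts file.
/bin/cp /etc/CMSfarm/configfiles/ssh_known_hosts /etc/ssh

# Read this node's address from the eth0 interface file. The pattern is
# anchored so that a commented-out or similarly named line is ignored, and
# only the first match is kept so the value is always a single word.
IPADDR=$(/bin/grep '^IPADDR=' /etc/sysconfig/network-scripts/ifcfg-eth0 | cut -d= -f 2 | sed q)

# Reverse-resolve the address. Only the first PTR answer is used, with its
# trailing dot removed; the lookup is skipped when no address was found, so
# dig is never run with a missing argument.
THISHOST=
if [ -n "$IPADDR" ]; then
  THISHOST=$(/usr/bin/dig -x "$IPADDR" +short | sed -e 's/\.$//' -e q)
fi
# Short host name (first label). Only the commented-out keytab and ssh-key
# steps at the end of this script refer to it.
NICKNAME=$(printf '%s\n' "$THISHOST" | cut -d. -f 1)

#  Determine which CMS IO node this cluster will receive nfs mounted directories
#  from.
# NOTE(review): the NFS server is chosen from a reverse-DNS answer. A missing
# or wrong PTR record falls through to the default, so the node would mount
# its read-write directories from 'whopper' -- confirm that fallback is
# acceptable, or fail instead when the name is empty.
case "$THISHOST" in
  gyoza*)
    MYHOST='ramen'
    ;;
  fry*)
    MYHOST='wasabi'
    ;;
  popcrn*)
    MYHOST='gallo'
    ;;
  *)
    MYHOST='whopper'
    ;;
esac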

# NFS entries appended to /etc/fstab. $MYHOST is the IO node selected by the
# case statement above. The text starts with an empty line, so a blank line
# separates the new entries from the existing ones.
# NOTE(review): none of the $MYHOST mounts set nosuid or nodev, and
# /usr/local is mounted read-write, so setuid files and device nodes on the
# server are honoured on this node. Consider adding nosuid,nodev where the
# workload allows it. The /pnfs/cms entry carries the 'user' option, which
# implies noexec, nosuid and nodev (see mount(8)).
nfs_rw='rsize=32768,wsize=32768,rw,hard,bg,intr'
add_fstab="
${MYHOST}:/fnal/ups  /fnal/ups  nfs  rsize=32768,wsize=32768,ro,hard,intr,bg 0 0
${MYHOST}:/data  /data   nfs  ${nfs_rw} 0 0
${MYHOST}:/home/farms   /home/farms nfs  ${nfs_rw} 0 0
${MYHOST}:/usr/local /usr/local nfs  ${nfs_rw} 0 0
stkensrv1:/cms   /pnfs/cms  nfs   user,intr,hard,bg,rw,noac 0 0"
printf '%s\n' "$add_fstab" >> /etc/fstab

# this fixes the $%@#$%# problem with kudzu putting in an agetty line
# Every inittab line that mentions agetty is dropped; the filtered copy then
# replaces the original. The sed script is quoted so that it reaches sed as
# written (the original relied on the shell turning \d into d).
/bin/sed -e '/agetty/d' /etc/inittab > /etc/inittab.new
/bin/mv /etc/inittab.new /etc/inittab

# Respawn a mingetty on the first serial port in runlevels 1-5.
# NOTE(review): this offers a login prompt on ttyS0. Whether root may log in
# there depends on /etc/securetty, which this script does not touch --
# confirm, and control who can reach the serial line.
/bin/echo 'c:12345:respawn:/sbin/mingetty ttyS0' >> /etc/inittab

# Second pass over the service settings: the same lists as at the top of the
# script, plus ypbind in the "off" list.
# NOTE(review): ypbind is enabled for runlevels 3-5 here and then disabled
# for 2-5 a few commands later, so it ends up off, although this script also
# installs /etc/yp.conf and pins the YP host. Confirm which state is
# intended and drop the other command.
# NOTE(review): as in the first pass, telnet and ftp are enabled and the
# packet filters (ipchains, iptables) are disabled.
for svc in facct portmap rstatd ypbind telnet ftp eklogin klogin kshell; do
  /sbin/chkconfig --level 345 "$svc" on
done

for svc in lpd sendmail kudzu identd gpm ipchains iptables rhnsd ypbind apmd ntpd rawdevices; do
  /sbin/chkconfig --level 2345 "$svc" off
done

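# Remove the lilo package and install grub on /dev/hda.
/bin/rpm -e lilo

/sbin/grub-install /dev/hda

# Run the site's pullrsync tool for this host; the meaning of its flags is
# not documented in this file. The command substitution is quoted so the
# host name is always passed as a single argument to -H.
/sbin/pullrsync -H "$(hostname -s)" -I -T hotdog64 -L -v -c cms

# NOTE(review): the two disabled kadmin commands below carried a literal
# password in their -w argument; it is replaced here by a placeholder. Treat
# the original value as exposed: rotate it and remove it from the file's
# history. A password given with -w is also visible in the process list, so
# if this step is revived, authenticate with a keytab (kadmin -k) or an
# interactive prompt instead.
#/usr/sbin/ntpdate -s 131.225.206.200
#/usr/krb5/sbin/kadmin -r FNAL.GOV -p host/$THISHOST@FNAL.GOV -w "<REDACTED>" -q "ktadd host/$THISHOST@FNAL.GOV"
#/usr/krb5/sbin/kadmin -r FNAL.GOV -p ftp/$THISHOST@FNAL.GOV -w "<REDACTED>" -q "ktadd ftp/$THISHOST@FNAL.GOV"
##send the new keytab to vanadium
#scp /etc/krb5.keytab root@vanadium:/root/ICABOD/kerberos/keytabs/$NICKNAME
##get the ssh keys from vanadium
#scp root@vanadium:/root/ICABOD/ssh/keytabs/$NICKNAME/ssh*key* /etc/ssh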
